Currently, the only way I know to retrieve the administrator password from a newly created EC2 Windows instance is through the AWS management console. This is fine, but I need to know how to accomplish this via the Java API - I can't seem to find anything on the subject. Also, once obtained, how do I modify the password using the same API?

4 Answers
The EC2 API has a call "GetPasswordData" which you can use to retrieve an encrypted block of data containing the Administrator password. To decrypt it, you need 2 things:

First, the private key. This is the private half of the keypair you used to instantiate the instance. A complication is that normally Amazon uses keys in PEM format ("-----BEGIN"...) but the Java Crypto API wants keys in DER format. You can do the conversion yourself - strip off the -----BEGIN and -----END lines, take the block of text in the middle and base64-decode it.

Second, the encryption parameters. The data is encrypted with RSA, with PKCS1 padding – so the magic invocation to give to JCE is: Cipher.getInstance("RSA/NONE/PKCS1Padding")

Here's a full example (that relies on BouncyCastle, but could be modified to use a different crypto engine)
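An added example, not the answerer's code (the BouncyCastle example mentioned above is not on this page): the same steps using only the stock JDK, which names this transformation `RSA/ECB/PKCS1Padding` rather than the `RSA/NONE/PKCS1Padding` string given above. It also wraps keys with a `BEGIN RSA PRIVATE KEY` header (PKCS#1) into PKCS#8, because the JDK's `KeyFactory` does not load PKCS#1 DER through `PKCS8EncodedKeySpec`. The class and method names are hypothetical, and `main` uses a constructed key pair and sample password in place of a real GetPasswordData response.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.*;
import javax.crypto.Cipher;

public class Ec2PasswordDecrypt {
    // DER for: version INTEGER 0, AlgorithmIdentifier { rsaEncryption, NULL }
    static final byte[] RSA_PREFIX = {2, 1, 0, 0x30, 0x0D, 6, 9, 0x2A, (byte) 0x86, 0x48,
            (byte) 0x86, (byte) 0xF7, 0x0D, 1, 1, 1, 5, 0};
    // Wrap a PKCS#1 RSAPrivateKey in a PKCS#8 PrivateKeyInfo so KeyFactory accepts it.
    static byte[] pkcs1ToPkcs8(byte[] pkcs1) {
        int n = pkcs1.length; // two-byte DER lengths below hold for 256..65513 bytes
        if (n < 256 || n > 65513) throw new IllegalArgumentException("unexpected key size");
        return ByteBuffer.allocate(n + 26)
                .put((byte) 0x30).put((byte) 0x82).putShort((short) (n + 22))
                .put(RSA_PREFIX)
                .put((byte) 0x04).put((byte) 0x82).putShort((short) n)
                .put(pkcs1).array();
    }

    // Strip the PEM armor, base64-decode to DER, and load the key.
    static PrivateKey loadPrivateKey(String pem) throws GeneralSecurityException {
        byte[] der = Base64.getMimeDecoder().decode(pem.replaceAll("-----[A-Z ]+-----", ""));
        if (pem.contains("BEGIN RSA PRIVATE KEY")) der = pkcs1ToPkcs8(der);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }
    // passwordData: the base64 string returned by GetPasswordData.
    static String decryptPassword(String pem, String passwordData) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // stock-JDK name for RSA, PKCS#1 v1.5
        rsa.init(Cipher.DECRYPT_MODE, loadPrivateKey(pem));
        byte[] plain = rsa.doFinal(Base64.getMimeDecoder().decode(passwordData));
        return new String(plain, StandardCharsets.UTF_8); // assumption: password is ASCII text
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-ins for the EC2 key pair and the GetPasswordData response.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        Cipher enc = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        enc.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] ct = enc.doFinal("Sample-Pa55w0rd!".getBytes(StandardCharsets.UTF_8));
        byte[] p8 = kp.getPrivate().getEncoded(); // for 2048-bit keys, PKCS#1 starts at byte 26
        String pem = "-----BEGIN RSA PRIVATE KEY-----\n" + Base64.getMimeEncoder()
                .encodeToString(Arrays.copyOfRange(p8, 26, p8.length)) + "\n-----END RSA PRIVATE KEY-----\n";
        System.out.println(decryptPassword(pem, Base64.getEncoder().encodeToString(ct)));
    }
}
```

Decryption happens entirely on the client, so the private key never has to leave the machine that holds it.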

Hmm, interesting approach - not quite what I need. The user would put in a password to configure the instance (through a custom interface), so the password would be different every time. If I were to give it a default password I'd still have the same problem (minus the decryption step) in that I'd have to RDP into the instance to change the password to something else. I'd like to configure the password without ever leaving the code.
– Johnny Ray, Apr 5 '11 at 18:02

For experimental Windows instances, I find the approach outlined by Spencer to be indispensable. Windows on EC2 is super annoying if you have to wait for the encrypted password to be available via the web console or APIs. This regularly takes >30 minutes and sometimes up to hours for no obvious reason, whereas the actual image boots rather quickly. No idea why this is, but if you bake an admin password into your image, you can access it within a minute or so.
– liamf, Oct 24 '11 at 16:32

You can also create an image with a default user name and password set up on that image, and then launch all instances with that image ID, so that you don't need to create and retrieve the password every time. Just launch your instance and RDP into the launched instance with the credentials defined in the image. I am doing the same, and it's working perfectly for me.